Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2021/04/27 12:0 a.m.87 views

Debian DLA-2635-1 : libspring-java security update

Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS denial of service in specific configurations. CVE-2018-1270 Spring Framework allows...

9.8CVSS7.7AI score0.77245EPSS
Exploits5References7
OpenVAS
OpenVAS
added 2021/04/24 12:0 a.m.37 views

Debian: Security Advisory (DLA-2635-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.77245EPSS
Exploits5References4
Debian
Debian
added 2021/04/23 6:29 p.m.151 views

[SECURITY] [DLA 2635-1] libspring-java security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2635-1 [email protected] https://www.debian.org/lts/security/ April 23, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

9.8CVSS9.6AI score0.77245EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2018/10/16 5:43 p.m.6 views

ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +4451 more potentially affected by CVE-2018-11040 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.6.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =0.1.12, =1.0.0, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.9.RELEASE and more Source cves: CVE-2018-11040...

7.5CVSS6.6AI score0.03244EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/06/25 3:29 p.m.36 views

CVE-2018-11040

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

7.5CVSS6.8AI score0.03244EPSS
Exploits0References2
NVD
NVD
added 2018/06/25 3:29 p.m.26 views

CVE-2018-11040

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

7.5CVSS7.9AI score0.03244EPSS
Exploits0References9
CVE
CVE
added 2018/06/25 3:0 p.m.135 views

CVE-2018-11040

CVE-2018-11040 affects Spring Framework: 5.0.x before 5.0.7 and 4.3.x before 4.3.18 (and older unsupported versions). The issue arises because JSONP support can be enabled via JSONP parameters when MappingJackson2JsonView is configured, allowing cross-domain requests through AbstractJsonpResponse...

7.5CVSS8.3AI score0.03244EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder